Quantcast and Clearspring agree settlement of Flash cookie complaints

US— Web measurement firm Quantcast and ad widget company Clearspring have agreed to settle class action lawsuits accusing the pair of using Flash cookies to keep tracking web users against their wishes.

The settlement – still awaiting court approval – will see the firms pay a combined $2.4m into a fund to support non-profit organisations that educate consumers about online privacy, but both companies continue to deny any wrongdoing and deny that they use Flash cookies in the manner alleged.

In a blog post, Quantcast said it chose to settle “to bring clarity and certainty to our customers and to avoid the burden and cost of further litigation”. Clearspring said it wanted to avoid “protracted and costly defence”.

Quantcast uses Flash cookies to measure audiences for videos, widgets, music and other Flash content hosted on websites. Clearspring previously stated that it uses the technology “in a manner consistent with other leading Flash analytics providers to deliver standard web analytics to publishers”.

Flash cookies, or ‘local shared objects’ (LSOs) as they are technically known, were designed by Adobe to control Flash player settings across multiple browsers before web companies hit upon using them to track online behaviour.

The Flash alternative was considered to be a more reliable proxy for counting individual web users than the traditional HTTP cookie as LSOs were less well-known and stored outside the browser environment – thus making them less likely to be deleted.

But privacy advocates were enraged at what they saw as attempts by companies to skirt the privacy preferences of consumers. Most troubling to them was the release of a paper by Berkeley University researchers which explained how Flash cookies could be used to ‘respawn’ previously deleted HTTP cookies so as to continue tracking web users.

Quantcast cookies were among those found to be respawning, but following the publication of the paper last year Quantcast announced that it had taken steps to “remedy the behaviour” and confirmed with the Berkeley researchers that the restoration of deleted cookies no longer occurred.

3 Comments

Sign this petition to Adobe to tell them to create protections against blatant abuse of these Flash Cookies:
http://www.change.org/petitions/view/tell_adobe_stop_allowing_malicious_flash_cookies_to_act_as_spyware

Adobe is already working with all the browser vendors to share an API that allows the browser to enable the clearing of Flash Player data from the browser UI:
https://wiki.mozilla.org/NPAPI:ClearPrivacyData
If you are a browser developer and have questions on the API, please see the technical information on that page.

3 Comments

Sign this petition to Adobe to tell them to create protections against blatant abuse of these Flash Cookies:
http://www.change.org/petitions/view/tell_adobe_stop_allowing_malicious_flash_cookies_to_act_as_spyware

Adobe is already working with all the browser vendors to share an API that allows the browser to enable the clearing of Flash Player data from the browser UI:
https://wiki.mozilla.org/NPAPI:ClearPrivacyData
If you are a browser developer and have questions on the API, please see the technical information on that page.